Reset Search



KB40524 - Client authentication fails with Pulse Secure Desktop client with the error message of "Missing or invalid certificate error message", but works via browser.

« Go Back


Last Modified Date11/8/2017 4:59 AM
This article describes an issue where certificate authentication fails when utilize Pulse Secure Desktop client, but does work using a browser.
Problem or Goal
When end users connect using Pulse Secure Desktop client, certificate authentication may fail with the following error message:
Missing or Invalid certificate error message
However, when the end user connect using a browser, certificate authentication is successful.
This issue occurs due to the complete certificate authority chain is not properly installed in the Trusted Client CA list for the Pulse Connect Secure (PCS) device

In the Pulse logs, the following message will appear:

PulseTray Pulse p0900 t403 jamCert.cpp:364 - 'JamCertLib' Found 3 personal certs
PulseTray Pulse p0900 t403 jamCert.cpp:377 - 'JamCertLib' 0) Processing Certificate 
[Subject: User XXXX, Issuer: "ISSUER NAME", 
PulseTray Pulse p0900 t403 osxCert.cpp:1443 - 'JamCertLib' SecTrustEvaluate() succeeded 
with SecTrustResultType (5: kSecTrustResultRecoverableTrustFailure (like Cert may be 
expired or something else))
PulseTray Pulse p0900 t403 jcSelectionRule.cpp:345 - 'JamCertLib' Certificate XXXX does 
not meet the required 'is trusted by the server' condition, skipping it (rank 0)

If the error is present, this does confirm that the Pulse Secure Desktop client is unable to obtain the complete CA certificate chain from the PCS device.

To resolve this issue, ensure the complete CA chain is installed in the Trust Client CA list on the PCS device.
  1. Login to admin console.
  2. Navigate to System > Configuration > Certificates > Trusted Client CAs
  3. Click Import CA Certificate
Related Links
Attachment 1 
Created ByVignesh Ramanan



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255